Gerry Hickman said:
> Right, that does mean it will only work (interactively) on stations with
> netdom installed though.

Yes. Since I'm doing the domain join as part of an unattended build, I just
include the netdom.exe file as part of the build. If you're looking for a
way to add machines that have already been built to a specific OU, then I'm
not sure.

What you're really looking for is a way to specify in Active Directory which
should be the default container/OU to add machines to. It's probably
possible to do that. Perhaps one of the Directory Services guys might
know -- a repost in microsoft.public.windows.server.active_directory might
do the trick.

It would be really cool if you could somehow use a WMI filter specified
using AD that could determine the correct default OU for a machine.

> I find the lack of an OU field in the GUI very odd, when you think Win2k
> was designed to work with AD. Even more strange is that (apparently) XP
> does not have this facility either.

I think most people would find it confusing, to be honest. Most people
would not get the LDAP path correct if you had to type it by hand. To
provide a browse button, you'd need to authenticate against AD first.

While most small businesses I know will go to the keyboard of the machine to
do a domain join, bigger companies are more likely to create the machine
account in the correct OU and then let the end user do the domain join
themselves. Then again, the default of allowing 10 domain joins per user
doesn't tie up with this, as it doesn't have any administrative involvement.
You really don't want people dumping new machines into your computers
container.

As you've probably realised, you can't apply a GPO to the computers
container (because it's a container). So, if you want a GPO to apply here,
you have to apply it at the site or domain level, at which point it's going
to get applied to your servers and probably several other machines you don't
want to hit.

Regards
Oli
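
A read-only audit of the points raised in the post above: where computer accounts land by default, whether that location can take a GPO link, the per-user join quota, and which machines are sitting in the default location. This is an added example, not code from the thread; it assumes the ActiveDirectory PowerShell module (RSAT) and a session with read access to the domain.

```powershell
# Added example: read-only audit, not code from the thread.
# Assumes the ActiveDirectory module (RSAT) and a domain-joined session.
Import-Module ActiveDirectory

$domain = Get-ADDomain

# Default location for computer accounts created without an explicit OU.
$defaultPath = $domain.ComputersContainer
$defaultObj  = Get-ADObject -Identity $defaultPath

# Per-user machine account quota, stored on the domain head object.
$quota = (Get-ADObject -Identity $domain.DistinguishedName `
          -Properties 'ms-DS-MachineAccountQuota').'ms-DS-MachineAccountQuota'

# Computer accounts sitting directly in the default location.
# mS-DS-CreatorSID is populated when a non-admin used their quota to join.
$strays = Get-ADComputer -Filter * -SearchBase $defaultPath -SearchScope OneLevel `
          -Properties whenCreated, 'mS-DS-CreatorSID' |
          Select-Object Name, whenCreated,
              @{ Name = 'CreatorSid'; Expression = { $_.'mS-DS-CreatorSID' } }

# Summary: an ObjectClass of 'container' means no GPO can be linked there.
[pscustomobject]@{
    DefaultComputerLocation = $defaultPath
    LocationObjectClass     = $defaultObj.ObjectClass
    MachineAccountQuota     = $quota
    AccountsInDefault       = @($strays).Count
}

# Newest accounts first, so recent unmanaged joins stand out.
$strays | Sort-Object whenCreated -Descending | Format-Table -AutoSize
```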